Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,606 advisories

Loading
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote... High Unreviewed
CVE-2025-1388 was published Feb 17, 2025
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render... High Unreviewed
CVE-2025-1070 was published Feb 13, 2025
A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q... Moderate Unreviewed
CVE-2025-26350 was published Feb 12, 2025
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2024-10960 was published Feb 12, 2025
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-13365 was published Feb 12, 2025
The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13714 was published Feb 12, 2025
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense... High Unreviewed
CVE-2025-26411 was published Feb 11, 2025
A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical... Moderate Unreviewed
CVE-2025-1166 was published Feb 11, 2025
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the... Moderate Unreviewed
CVE-2025-1165 was published Feb 11, 2025
The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2024-13011 was published Feb 10, 2025
An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0... High Unreviewed
CVE-2024-57408 was published Feb 10, 2025
In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload... Critical Unreviewed
CVE-2024-57668 was published Feb 6, 2025
OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for... Critical Unreviewed
CVE-2025-1066 was published Feb 6, 2025
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-1028 was published Feb 5, 2025
Cockpit Arbitrary File Upload High
CVE-2025-1025 was published for cockpit-hq/cockpit (Composer) Feb 5, 2025
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated... High Unreviewed
CVE-2024-13723 was published Feb 5, 2025
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to... Critical Unreviewed
CVE-2024-57968 was published Feb 3, 2025
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. Critical Unreviewed
CVE-2024-57450 was published Feb 3, 2025
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command... High Unreviewed
CVE-2025-24505 was published Jan 30, 2025
DevDojo Voyager Arbitrary File Write Moderate
CVE-2024-55417 was published for tcg/voyager (Composer) Jan 30, 2025
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2024-13448 was published Jan 28, 2025
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient... Critical Unreviewed
CVE-2025-0357 was published Jan 25, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a... Critical Unreviewed
CVE-2025-24650 was published Jan 24, 2025
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating... High Unreviewed
CVE-2024-40693 was published Jan 24, 2025
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating... High Unreviewed
CVE-2024-25034 was published Jan 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database